Device Disposal And Defending Personal Information

View all blog posts under Articles | View all blog posts under Bachelor's in Cyber Security

With each passing year, our personal and professional lives become more dependent on digital electronic devices. Smartphones, tablets, laptops, netbooks, and PCs are just some of the electronics that have become crucial to our daily lives.

With new technology being developed so quickly, devices become outdated and sometimes obsolete within months. We are upgrading our digital appliances faster than ever to stay current with the latest and greatest technology and the result is cabinets, closets, and garages filling up with used electronic junk.

Disposing of portable electronic devices isn’t as simple as tossing a candy wrapper into a trash can. Devices that were used to store or transmit personal information could be a goldmine for hackers and may leave your personal information vulnerable to theft.

Protecting Personal Information

When it comes to personal files and saved information on hard drives, hitting the delete key doesn’t necessarily mean the information is gone forever. Securely deleting personal data involves knowing a little more about how data is stored on your device.

When you delete or erase something from your computer or mobile device, it is simply tagged for overwriting. But until this happens, your files are still accessible.

Digital forensics experts Ioannis Lazaridis, Theodoros Arampatzis, and Sotirios Pouros found there is a hierarchy of data found on hard disk drives. The data hierarchy ranges from level 0, which contains typical files with complete information, to level 5, which contains data that has been overwritten. The higher the data hierarchy level, the more difficult it is to retrieve the information.

Tech expert and journalist Matt Safford, in a 2015 Consumer Reports article (“How To Get Personal Data Off Your Devices”), said a secure wipe deletes and overwrites data several times. Each deletion and overwriting pass makes data more difficult to retrieve. “Unless you’re worried about corporate espionage or government intervention, three passes is generally sufficient,” he said.

Safford suggests using a bootable data-wiping utility such as Darik’s Boot And Nuke (DBAN) or Parted Magic to securely delete files and wipe hard drives. DBAN only works on standard hard drives while Parted Magic works on some solid state drives (SSDs) such as USB thumb drives.

Encryption

Smartphones, tablets, and even some laptops and netbooks use SSD storage as opposed to standard, spinning platter-based hard drives. The steps for securely deleting or wiping an SSD are a little different than the steps used for hard drives.

“One of the easiest ways [to securely wipe an SSD] is to encrypt the entire drive with a complex passphrase,” technical writer Adrian Kingsley-Hughes said in a December 2016 ZDNet article, “How to Securely Erase Hard Drives (HDDs) and Solid State Drives (SSDs).” “No passphrase, no data. You can then format the drive, from which point it should be sterile and ready to accept a reload of data.”

Encryption uses a passphrase or password and turns it into a key. That key is then used to scramble the data on your device so that it cannot be read without the use of the key. Once all of the information on an SSD (mobile device) is encrypted, any attempt to recover lost or deleted files is futile without the passphrase or password.

Another layer of complication comes from backdoor access to law enforcement. Recently, the FBI paid professional hackers more than $1 million to hack an iPhone belonging to Syed Farook, a gunman who opened fire during a 2015 office party in San Bernardino, CA, and killed 14 people.

The problem for the FBI wasn’t hacking a four-digit passcode; it was a security feature that deleted contents (in this case valuable evidence) after ten incorrect passcode attempts. Because of cases like Farook’s, law enforcement agencies have been lobbying for backdoor access to mobile device data.

Passwords Are Important

Experts suggest passwords follow a protocol that will make them difficult to hack but easy to remember. They should include the following elements:

  • Use 12 to14 characters minimum
  • Use upper- and lower-case letters, numbers, and symbols
  • Don’t use words or combinations of words found in the dictionary
  • Don’t use obvious substitutions, like 0 for “o,” or 1 for “i.” (i.e. H0use)
  • Don’t use family and pets’ names or birthdays

Another level of protection is to steer away from names and dates that are commonly associated with you. Hacker technology called Common User Password Profiler (CUPP) generates a word list based on personal information. It’s a powerful tool that allows hackers to guess your password based on limited information.

The Hammer Method

If secure wipes and disk encryptions seem too time consuming for something you are just trying to throw away, smashing a device to pieces is also an option.

To destroy hard drive platters, use a hammer or drill to make cracks and holes down the center. SSDs must be removed from their plastic housing, and each individual chip must then be shattered with a hammer.

Obviously, the hammer method does not permit for resale or donation of the used device once the storage medium has been destroyed.

Recycling Electronics

Many manufacturers and retailers of electronics now offer recycling and buy-back programs. According to the U.S. Environmental Protection Agency, companies that include Best Buy, Samsung, Staples, Vizio, Dell, and LG offer in-store and event recycling options, online recycling programs, drop-off sites, and mail-in offers.

You can also find stand-alone electronics recycling centers in or near your hometown. According to the Northeast Recycling Council, many electronics recycling centers offer the following options:

  • Collection of consumer and enterprise used and unwanted electronics
  • Refurbishing/resale
  • Demanufacturing for scrap
  • Secure shredding services for sensitive disks and media
  • Brokering whole units or components to other vendors
  • Asset recovery of surplus electronics from large organizations

Some recycling businesses will even pay for your used electronics. For every one million smartphones that are recycled, 35,274 pounds of copper, 772 pounds of silver, 75 pounds of gold, and 33 pounds of palladium can be recovered with a total value of some $2 million.

Maryville University – Online Degree in Cyber Security
Maryville University offers undergraduate and masters degrees in cyber security. Coursework includes topics such as cryptography, cloud security, incident handling, mobile forensics, and penetration testing. Students can log into their classroom anywhere, on any device, at any time with the Maryville Virtual Lab.

More information is available at Maryville University’s online cyber security website.

References:

Evaluation of Digital Forensics Tools on Data Recovery and Analysis: The Third International Conference on Computer Science, Computer Engineering, and Social Media – http://sdiwc.net/digital-library/evaluation-of-digital-forensics-tools-on-data-recovery-and-analysis.html
How to Get Personal Data Off Your Devices: Don’t Recycle, Trade-In, Sell, or Donate Your Device Without Wiping It Clean – http://www.consumerreports.org/cro/2013/11/remove-personal-data-from-any-device/index.htm
How to Securely Erase Hard Drives (HDDs) and Solid State Drives (SSDs) – http://www.zdnet.com/article/how-to-securely-erase-hard-drives-hdds-and-solid-state-drives-ssds/
How to Create a Strong Password (and Remember It) – https://www.howtogeek.com/195430/how-to-create-a-strong-password-and-remember-it/
Use CUPP to Generate Password Lists – https://null-byte.wonderhowto.com/how-to/use-cupp-generate-password-lists-0162625/
Electronic Donation and Recycling – https://www.epa.gov/recycle/electronics-donation-and-recycling
Toolkit for Setting Up Electronics Recycling Programs, Section II – https://nerc.org/documents/nebraska_tookit_section_II.pdf